spdx3: support to override the version of a package in SBOM 3

By default, still use ${PV} as the the version of a package in SBOM 3
$ bitbake acl
$ jq . tmp/deploy/spdx/3.0.1/core2-64/packages/package-acl.spdx.json
...
    {
      "type": "software_Package",
       ...
      "name": "acl",
      "software_packageVersion": "2.3.2"
    },
...

Support to override it by setting SPDX_PACKAGE_VERSION, such as
set SPDX_PACKAGE_VERSION = "${EXTENDPKGV}" in local.conf to append
PR to software_packageVersion in SBOM 3
$ echo 'SPDX_PACKAGE_VERSION = "${EXTENDPKGV}"' >> conf/local.conf
$ bitbake acl
$ jq . tmp/deploy/spdx/3.0.1/core2-64/packages/package-acl.spdx.json
...
    {
      "type": "software_Package",
       ...
      "name": "acl",
      "software_packageVersion": "2.3.2-r0"
    },
...

(From OE-Core rev: e6ff5f4d870624795bd36572f5c2bfeec90d83ce)

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/classes/create-spdx-3.0.bbclass

@@ -113,6 +113,9 @@ SPDX_ON_BEHALF_OF[doc] = "The base variable name to describe the Agent on who's
 SPDX_PACKAGE_SUPPLIER[doc] = "The base variable name to describe the Agent who \
     is supplying artifacts produced by the build"
 
+SPDX_PACKAGE_VERSION ??= "${PV}"
+SPDX_PACKAGE_VERSION[doc] = "The version of a package, software_packageVersion \
+    in software_Package"
 
 IMAGE_CLASSES:append = " create-spdx-image-3.0"
 SDK_CLASSES += "create-spdx-sdk-3.0"

meta/lib/oe/spdx30_tasks.py

@@ -606,7 +606,7 @@ def create_spdx(d):
                     _id=pkg_objset.new_spdxid("package", pkg_name),
                     creationInfo=pkg_objset.doc.creationInfo,
                     name=pkg_name,
-                    software_packageVersion=d.getVar("PV"),
+                    software_packageVersion=d.getVar("SPDX_PACKAGE_VERSION"),
                 )
             )
             set_timestamp_now(d, spdx_package, "builtTime")